Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-11189

Historic Process Instance Authorizations

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Fixed
    • L3 - Default
    • 7.13.0, 7.13.0-alpha5
    • None
    • engine
    • None

    Description

      Similar to CAM-9395

      AT

      • Introduce new historic process resource with permission READ
      • The historic process instance authorizations are enforced for the following queries
        • Historic Process Instance
        • Historic Activity Instance
        • Historic Task
        • Historic Variable & Detail
        • Identity Link Log
        • Historic Incident
        • Job Log
        • External Task Log
        • User Operation Log
      • History Cleanup
        • When a user creates an authorization on the historic process instance resource and enters a resource id of an existing historic process instance, the root process instance id and if already present the removal time is set to the authorization
        • The batch operation "Set Removal Time for Processes" takes historic process instance authorizations into account
        • The cleanup execution takes historic process instance authorizations into account
        • The legacy history cleanup mechanism (end time based) does not take historic process instance authorizations into account
      • When enableHistoricInstancePermissions is disabled, ...
        • and a user proactively creates a historic process instance authorization, the root process instance id/removal time is added if available
        • the extra SQL for queries is skipped
      • Historic process instance authorizations are removed when the historic process instance is removed via API
      • In Admin, I can grant the newly introduced authorizations
      • I can read docs

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            is related to

            Bug Report - A problem which impairs or prevents the functions of the product. CAM-11954 In Webapps, historic instance permission check is missing

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Feature Request - A new feature of the product, which has yet to be developed. CAM-9395 Historic Task Autorizations

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Task - A task that needs to be done. CAM-11741 Remove unnecessary left join in variable & detail query for historic instance permissions

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed
            1.
            		 Introduce HISTORIC_PROCESS_INSTANCE resource with permission READ Sub-task Closed Unassigned
            2.
            		 Historic permission can be enabled with config flag Sub-task Closed Unassigned
            3.
            		 Authorization is enforced for process instance query Sub-task Closed Unassigned
            4.
            		 Authorization is enforced for activity instance query Sub-task Closed Unassigned
            5.
            		 Authorization is enforced for variable & detail query Sub-task Closed Unassigned
            6.
            		 Authorization is enforced for task query Sub-task Closed Unassigned
            7.
            		 Authorization is enforced for identity link log query Sub-task Closed Unassigned
            8.
            		 For cleanup, set removal time when a user creates an authorization Sub-task Closed Unassigned
            9.
            		 For cleanup, set removal time non-hierarchical via process batch operation Sub-task Closed Unassigned
            10.
            		 On process instance deletion, historic authorization is removed Sub-task Closed Unassigned
            11.
            		 I can read docs Sub-task Closed Unassigned
            12.
            		 In Admin, I can grant authorization Sub-task Closed Michael Schoettes
            13.
            		 Authorization is enforced for historic incident query Sub-task Closed Unassigned
            14.
            		 Authorization is enforced for job log query Sub-task Closed Unassigned
            15.
            		 Authorization is enforced for external task log query Sub-task Closed Unassigned
            16.
            		 Authorization is enforced for user operation log query Sub-task Closed Unassigned
            17.
            		 Correct Javadocs for historic activity instance query Sub-task Closed Unassigned
            18.
            		 Revert perform auth checks for the historic process instance query when data is missing Sub-task Closed Unassigned
            19.
            		 I can read docs about historic incident, job log, external task log & user operation log query Sub-task Closed Unassigned
            20.
            		 Adjust query test cases to check additionally ids Sub-task Closed Unassigned

            Activity

              People

                tassilo.weidner Tassilo Weidner
                thorben.lindhauer Thorben Lindhauer
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Salesforce